Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20120610142329.GA9101@openwall.com>
Date: Sun, 10 Jun 2012 18:23:29 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: JtR to process the LinkedIn hash dump

On Wed, Jun 06, 2012 at 04:55:38PM -0500, jfoug wrote:
> The linkedin hash dump, was a big release today.  However, many the hashes
> themselves were modified, by overwriting the first 5 digits with 0's  (20
> bits).   There is now a patch on the JtR wiki page, which you can patch into
> a Jtr 1.7.9-jumbo-5 release. This will add a new format that is a
> modification of the raw-sha1 format.
> 
> The patches are found here:
> 
> http://openwall.info/wiki/john/patches

Thanks, Jim!

FWIW, here's a blog post by Francois Pesce who has experimented with
John the Ripper and JimF's "LinkedIn patch", successfully cracking 2
million passwords:

https://community.qualys.com/blogs/securitylabs/2012/06/08/lessons-learned-from-cracking-2-million-linkedin-passwords

Some others have cracked more passwords, perhaps mostly by using GPUs -
@CrackMeIfYouCan reported over 4 million cracked after the first day -
yet 2 million is a fine number, and more importantly the blog post
details the approach, which I thought some john-users may find useful.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.